Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: rhos-18.0.0
Affects Version/s: rhos-18.0.0
Component/s: openstack-nova
Labels:
- Security
- Triaged

Story Points:
2
Blocked:
False
Ready:
False
Fixed in Build:
openstack-nova-27.1.1-18.0.20230930093334.a869ab1.el9ost
Regression:
None
Release Note Text:
Undefined

Severity:
Moderate

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Copied from the upstream bug [1]:

"This bug report is related to Security.

Currently novnc is allowing open direction, which could potentially be used for phishing attempts

To test.
https://<sites' vnc domain>//example.com/%2F..
include .. at the end

For example:
http://vncproxy.my.domain.com//example.com/%2F..

It will redirect to example.com. You can replace example.com with some legitimate domain or spoofed domain.

The description of the risk is
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance."

[1] https://bugs.launchpad.net/nova/+bug/1927677

external trackers

Launchpad 1927677

OpenStack gerrit 791297

Red Hat Issue Tracker OSP-3981

Assignee:: melanie witt

Reporter:: RH Bugzilla Integration

Team:: rhos-workloads-compute

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2021/05/17 5:58 PM

Updated:: 2024/08/29 10:36 PM

Resolved:: 2024/05/22 3:50 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty